What does this pull request do? Explain your changes. (required)
This fixes another issue from the audit regarding voting power provided to transcoders. The specific issue is when a transcoder gets to state where its self-bonding a 0 amount (delegateAddress non-zero).
The only known corner case that can trigger this inconsistency is a transcoder getting slashed 100% of its bond. In this case, it would still be self-delegating but a zero amount, which used to give it a zero voting power. Even with the https://github.com/livepeer/protocol/pull/626 fix, this would still cause problems as delegators would have more votes than the self-delegating transcoder.
Even though slashing is not used today [1] and this state (bondedAmount == 0 & delegateAddress != 0) being theoretically invalid, it is still possible to happen from the current BondingManager code. So it shouldn't hurt to be more reliable and consistent on the voting power logic.
[1] We could say there are 2 problems on it today: it doesn't update delegateAddress nor delegatedAmount when the transcoder is fully slashed (which might be an even more unrealistic scenario). Not worth making changes to that function rn so we can fix the new code instead.
Specific updates (required)
Update BondingVotes to not zero the voting power of transcoders with a 0 bondedAmount
How did you test each of these updates (required)yarn test with pending devnet deploy
victorges
commented
1 year ago
What does this pull request do? Explain your changes. (required) This fixes another issue from the audit regarding voting power provided to transcoders. The specific issue is when a transcoder gets to state where its self-bonding a
0amount (delegateAddressnon-zero).The only known corner case that can trigger this inconsistency is a transcoder getting slashed 100% of its bond. In this case, it would still be self-delegating but a zero amount, which used to give it a zero voting power. Even with the https://github.com/livepeer/protocol/pull/626 fix, this would still cause problems as delegators would have more votes than the self-delegating transcoder.
Even though slashing is not used today [1] and this state (
bondedAmount == 0 & delegateAddress != 0) being theoretically invalid, it is still possible to happen from the current BondingManager code. So it shouldn't hurt to be more reliable and consistent on the voting power logic.[1] We could say there are 2 problems on it today: it doesn't update
delegateAddressnordelegatedAmountwhen the transcoder is fully slashed (which might be an even more unrealistic scenario). Not worth making changes to that function rn so we can fix the new code instead.Specific updates (required)
bondedAmountHow did you test each of these updates (required)
yarn testwith pending devnet deployDoes this pull request close any open issues? Fixes https://github.com/code-423n4/2023-08-livepeer-findings/issues/194
Also related to this one, even though not a fix for it:
Checklist:
yarn testpass